--- /dev/null
+#
+# Copyright (C) 2009-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/uclibc++.mk
+
+PKG_NAME:=db47
+PKG_VERSION:=4.7.25.NC
+PKG_RELEASE:=6
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/db-$(PKG_VERSION)
+PKG_SOURCE:=db-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://download.oracle.com/berkeley-db/
+PKG_MD5SUM:=073ab7f20d24b3872a51ca762f5090e7
+PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>
+PKG_LICENSE:=BSD-2c
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_FIXUP:=autoreconf
+PKG_LIBTOOL_PATHS:=. build_unix
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libdb47
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+libxml2
+ TITLE:=Berkeley DB library (4.7)
+ URL:=http://www.sleepycat.com/products/db.shtml
+endef
+
+define Package/libdb47/description
+ Berkeley DB library (4.7).
+endef
+
+define Package/libdb47xx
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+libdb47 $(CXX_DEPENDS)
+ TITLE:=Berkeley DB library (4.7) for C++
+ URL:=http://www.sleepycat.com/products/db.shtml
+endef
+
+define Package/libdb47xx/description
+ Berkeley DB library (4.7). C++ wrapper.
+endef
+
+CONFIGURE_PATH = build_unix
+CONFIGURE_CMD = ../dist/configure
+
+CONFIGURE_ARGS += \
+ --enable-shared \
+ --enable-static \
+ --disable-java \
+ --with-mutex=UNIX/fcntl \
+ --disable-tcl \
+ --disable-rpc \
+ --enable-compat185 \
+ --enable-smallbuild \
+ --disable-debug \
+ --enable-cryptography \
+ $(if $(CONFIG_PACKAGE_libdb47xx),--enable-cxx,--disable-cxx)
+
+TARGET_CFLAGS += $(FPIC)
+
+define Build/Compile
+ +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/build_unix \
+ DESTDIR="$(PKG_INSTALL_DIR)" all
+ $(MAKE) -C $(PKG_BUILD_DIR)/build_unix \
+ DESTDIR="$(PKG_INSTALL_DIR)" install
+endef
+
+define Package/libdb47/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb-*.so $(1)/usr/lib/
+endef
+
+define Package/libdb47xx/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb_cxx-*.so $(1)/usr/lib/
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/db.h $(1)/usr/include/
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/db_cxx.h $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdb*.{a,so} $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,libdb47))
+$(eval $(call BuildPackage,libdb47xx))
+
--- /dev/null
+diff -ruN db-4.7.25.NC/sequence/sequence.c db-4.7.25.NC.new/sequence/sequence.c
+--- db-4.7.25.NC/sequence/sequence.c 2008-05-05 22:25:09.000000000 +0200
++++ db-4.7.25.NC.new/sequence/sequence.c 2009-11-08 12:50:27.000000000 +0100
+@@ -187,7 +187,11 @@
+ if ((ret = __db_get_flags(dbp, &tflags)) != 0)
+ goto err;
+
+- if (DB_IS_READONLY(dbp)) {
++ /*
++ * We can let replication clients open sequences, but must
++ * check later that they do not update them.
++ */
++ if (F_ISSET(dbp, DB_AM_RDONLY)) {
+ ret = __db_rdonly(dbp->env, "DB_SEQUENCE->open");
+ goto err;
+ }
+@@ -244,6 +248,11 @@
+ if ((ret != DB_NOTFOUND && ret != DB_KEYEMPTY) ||
+ !LF_ISSET(DB_CREATE))
+ goto err;
++ if (IS_REP_CLIENT(env) &&
++ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
++ ret = __db_rdonly(env, "DB_SEQUENCE->open");
++ goto err;
++ }
+ ret = 0;
+
+ rp = &seq->seq_record;
+@@ -296,7 +305,12 @@
+ */
+ rp = seq->seq_data.data;
+ if (rp->seq_version == DB_SEQUENCE_OLDVER) {
+-oldver: rp->seq_version = DB_SEQUENCE_VERSION;
++oldver: if (IS_REP_CLIENT(env) &&
++ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
++ ret = __db_rdonly(env, "DB_SEQUENCE->open");
++ goto err;
++ }
++ rp->seq_version = DB_SEQUENCE_VERSION;
+ if (!F_ISSET(env, ENV_LITTLEENDIAN)) {
+ if (IS_DB_AUTO_COMMIT(dbp, txn)) {
+ if ((ret =
+@@ -707,6 +721,13 @@
+
+ MUTEX_LOCK(env, seq->mtx_seq);
+
++ if (handle_check && IS_REP_CLIENT(env) &&
++ !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {
++ ret = __db_rdonly(env, "DB_SEQUENCE->get");
++ goto err;
++ }
++
++
+ if (rp->seq_min + delta > rp->seq_max) {
+ __db_errx(env, "Sequence overflow");
+ ret = EINVAL;
--- /dev/null
+diff -urN db-4.7.25.NC/lock/lock.c db-4.7.25.NC.new/lock/lock.c
+--- db-4.7.25.NC/lock/lock.c 2008-05-07 14:27:35.000000000 +0200
++++ db-4.7.25.NC.new/lock/lock.c 2009-11-08 12:52:19.000000000 +0100
+@@ -1274,10 +1274,12 @@
+ SH_TAILQ_REMOVE(
+ <->obj_tab[obj_ndx], sh_obj, links, __db_lockobj);
+ if (sh_obj->lockobj.size > sizeof(sh_obj->objdata)) {
+- LOCK_REGION_LOCK(env);
++ if (region->part_t_size != 1)
++ LOCK_REGION_LOCK(env);
+ __env_alloc_free(<->reginfo,
+ SH_DBT_PTR(&sh_obj->lockobj));
+- LOCK_REGION_UNLOCK(env);
++ if (region->part_t_size != 1)
++ LOCK_REGION_UNLOCK(env);
+ }
+ SH_TAILQ_INSERT_HEAD(
+ &FREE_OBJS(lt, part_id), sh_obj, links, __db_lockobj);
+@@ -1467,15 +1469,21 @@
+ if (obj->size <= sizeof(sh_obj->objdata))
+ p = sh_obj->objdata;
+ else {
+- LOCK_REGION_LOCK(env);
++ /*
++ * If we have only one partition, the region is locked.
++ */
++ if (region->part_t_size != 1)
++ LOCK_REGION_LOCK(env);
+ if ((ret =
+ __env_alloc(<->reginfo, obj->size, &p)) != 0) {
+ __db_errx(env,
+ "No space for lock object storage");
+- LOCK_REGION_UNLOCK(env);
++ if (region->part_t_size != 1)
++ LOCK_REGION_UNLOCK(env);
+ goto err;
+ }
+- LOCK_REGION_UNLOCK(env);
++ if (region->part_t_size != 1)
++ LOCK_REGION_UNLOCK(env);
+ }
+
+ memcpy(p, obj->data, obj->size);
--- /dev/null
+diff -urN db-4.7.25.NC/lock/lock_deadlock.c db-4.7.25.NC.new/lock/lock_deadlock.c
+--- db-4.7.25.NC/lock/lock_deadlock.c 2008-03-10 14:31:33.000000000 +0100
++++ db-4.7.25.NC.new/lock/lock_deadlock.c 2009-11-08 12:53:25.000000000 +0100
+@@ -121,7 +121,7 @@
+ DB_LOCKTAB *lt;
+ db_timespec now;
+ locker_info *idmap;
+- u_int32_t *bitmap, *copymap, **deadp, **free_me, *tmpmap;
++ u_int32_t *bitmap, *copymap, **deadp, **deadlist, *tmpmap;
+ u_int32_t i, cid, keeper, killid, limit, nalloc, nlockers;
+ u_int32_t lock_max, txn_max;
+ int ret, status;
+@@ -133,7 +133,8 @@
+ if (IS_REP_CLIENT(env))
+ atype = DB_LOCK_MINWRITE;
+
+- free_me = NULL;
++ copymap = tmpmap = NULL;
++ deadlist = NULL;
+
+ lt = env->lk_handle;
+ if (rejectp != NULL)
+@@ -179,11 +180,11 @@
+ memcpy(copymap, bitmap, nlockers * sizeof(u_int32_t) * nalloc);
+
+ if ((ret = __os_calloc(env, sizeof(u_int32_t), nalloc, &tmpmap)) != 0)
+- goto err1;
++ goto err;
+
+ /* Find a deadlock. */
+ if ((ret =
+- __dd_find(env, bitmap, idmap, nlockers, nalloc, &deadp)) != 0)
++ __dd_find(env, bitmap, idmap, nlockers, nalloc, &deadlist)) != 0)
+ return (ret);
+
+ /*
+@@ -204,8 +205,7 @@
+ txn_max = TXN_MAXIMUM;
+
+ killid = BAD_KILLID;
+- free_me = deadp;
+- for (; *deadp != NULL; deadp++) {
++ for (deadp = deadlist; *deadp != NULL; deadp++) {
+ if (rejectp != NULL)
+ ++*rejectp;
+ killid = (u_int32_t)(*deadp - bitmap) / nalloc;
+@@ -342,11 +342,12 @@
+ __db_msg(env,
+ "Aborting locker %lx", (u_long)idmap[killid].id);
+ }
+- __os_free(env, tmpmap);
+-err1: __os_free(env, copymap);
+-
+-err: if (free_me != NULL)
+- __os_free(env, free_me);
++err: if(copymap != NULL)
++ __os_free(env, copymap);
++ if (deadlist != NULL)
++ __os_free(env, deadlist);
++ if(tmpmap != NULL)
++ __os_free(env, tmpmap);
+ __os_free(env, bitmap);
+ __os_free(env, idmap);
+
+@@ -360,6 +361,17 @@
+
+ #define DD_INVALID_ID ((u_int32_t) -1)
+
++/*
++ * __dd_build --
++ * Build the lock dependency bit maps.
++ * Notes on syncronization:
++ * LOCK_SYSTEM_LOCK is used to hold objects locked when we have
++ * a single partition.
++ * LOCK_LOCKERS is held while we are walking the lockers list and
++ * to single thread the use of lockerp->dd_id.
++ * LOCK_DD protects the DD list of objects.
++ */
++
+ static int
+ __dd_build(env, atype, bmp, nlockers, allocp, idmap, rejectp)
+ ENV *env;
+@@ -393,6 +405,7 @@
+ * In particular we do not build the conflict array and our caller
+ * needs to expect this.
+ */
++ LOCK_SYSTEM_LOCK(lt, region);
+ if (atype == DB_LOCK_EXPIRE) {
+ skip: LOCK_DD(env, region);
+ op = SH_TAILQ_FIRST(®ion->dd_objs, __db_lockobj);
+@@ -430,17 +443,18 @@
+ OBJECT_UNLOCK(lt, region, indx);
+ }
+ UNLOCK_DD(env, region);
++ LOCK_SYSTEM_UNLOCK(lt, region);
+ goto done;
+ }
+
+ /*
+- * We'll check how many lockers there are, add a few more in for
+- * good measure and then allocate all the structures. Then we'll
+- * verify that we have enough room when we go back in and get the
+- * mutex the second time.
++ * Allocate after locking the region
++ * to make sure the structures are large enough.
+ */
+-retry: count = region->stat.st_nlockers;
++ LOCK_LOCKERS(env, region);
++ count = region->stat.st_nlockers;
+ if (count == 0) {
++ UNLOCK_LOCKERS(env, region);
+ *nlockers = 0;
+ return (0);
+ }
+@@ -448,50 +462,37 @@
+ if (FLD_ISSET(env->dbenv->verbose, DB_VERB_DEADLOCK))
+ __db_msg(env, "%lu lockers", (u_long)count);
+
+- count += 20;
+ nentries = (u_int32_t)DB_ALIGN(count, 32) / 32;
+
+- /*
+- * Allocate enough space for a count by count bitmap matrix.
+- *
+- * XXX
+- * We can probably save the malloc's between iterations just
+- * reallocing if necessary because count grew by too much.
+- */
++ /* Allocate enough space for a count by count bitmap matrix. */
+ if ((ret = __os_calloc(env, (size_t)count,
+- sizeof(u_int32_t) * nentries, &bitmap)) != 0)
++ sizeof(u_int32_t) * nentries, &bitmap)) != 0) {
++ UNLOCK_LOCKERS(env, region);
+ return (ret);
++ }
+
+ if ((ret = __os_calloc(env,
+ sizeof(u_int32_t), nentries, &tmpmap)) != 0) {
++ UNLOCK_LOCKERS(env, region);
+ __os_free(env, bitmap);
+ return (ret);
+ }
+
+ if ((ret = __os_calloc(env,
+ (size_t)count, sizeof(locker_info), &id_array)) != 0) {
++ UNLOCK_LOCKERS(env, region);
+ __os_free(env, bitmap);
+ __os_free(env, tmpmap);
+ return (ret);
+ }
+
+ /*
+- * Now go back in and actually fill in the matrix.
+- */
+- if (region->stat.st_nlockers > count) {
+- __os_free(env, bitmap);
+- __os_free(env, tmpmap);
+- __os_free(env, id_array);
+- goto retry;
+- }
+-
+- /*
+ * First we go through and assign each locker a deadlock detector id.
+ */
+ id = 0;
+- LOCK_LOCKERS(env, region);
+ SH_TAILQ_FOREACH(lip, ®ion->lockers, ulinks, __db_locker) {
+ if (lip->master_locker == INVALID_ROFF) {
++ DB_ASSERT(env, id < count);
+ lip->dd_id = id++;
+ id_array[lip->dd_id].id = lip->id;
+ switch (atype) {
+@@ -510,7 +511,6 @@
+ lip->dd_id = DD_INVALID_ID;
+
+ }
+- UNLOCK_LOCKERS(env, region);
+
+ /*
+ * We only need consider objects that have waiters, so we use
+@@ -669,7 +669,6 @@
+ * status after building the bit maps so that we will not detect
+ * a blocked transaction without noting that it is already aborting.
+ */
+- LOCK_LOCKERS(env, region);
+ for (id = 0; id < count; id++) {
+ if (!id_array[id].valid)
+ continue;
+@@ -738,6 +737,7 @@
+ id_array[id].in_abort = 1;
+ }
+ UNLOCK_LOCKERS(env, region);
++ LOCK_SYSTEM_UNLOCK(lt, region);
+
+ /*
+ * Now we can release everything except the bitmap matrix that we
+@@ -839,6 +839,7 @@
+ ret = 0;
+
+ /* We must lock so this locker cannot go away while we abort it. */
++ LOCK_SYSTEM_LOCK(lt, region);
+ LOCK_LOCKERS(env, region);
+
+ /*
+@@ -895,6 +896,7 @@
+ done: OBJECT_UNLOCK(lt, region, info->last_ndx);
+ err:
+ out: UNLOCK_LOCKERS(env, region);
++ LOCK_SYSTEM_UNLOCK(lt, region);
+ return (ret);
+ }
+
include $(TOPDIR)/rules.mk
PKG_NAME:=libtasn1
-PKG_VERSION:=3.6
+PKG_VERSION:=4.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.gnu.org/gnu/libtasn1
-PKG_MD5SUM:=6ed38e161e11013054f2a2bb4c4da449
+PKG_MD5SUM:=d3d2d9bce3b6668b9827a9df52635be1
#PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_NAME:=haproxy
PKG_VERSION:=1.5.1
-PKG_RELEASE:=09
+PKG_RELEASE:=12
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4
--- /dev/null
+From d38f5c0c1cbba00d80cad2640c005794fa5bc4f9 Mon Sep 17 00:00:00 2001
+From: Marco Corte <marco@marcocorte.it>
+Date: Wed, 2 Jul 2014 17:49:34 +0200
+Subject: [PATCH 10/12] MINOR: stats: fix minor typo in HTML page
+
+There is a very small typo in the statistics interface: a "set" in
+lowercase where allothers are uppercase "Set".
+(cherry picked from commit 8c27bcaea0116247ee055c5481a63507de4fe6e4)
+---
+ src/dumpstats.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dumpstats.c b/src/dumpstats.c
+index c8bac08..5365042 100644
+--- a/src/dumpstats.c
++++ b/src/dumpstats.c
+@@ -3710,7 +3710,7 @@ static void stats_dump_html_px_end(struct stream_interface *si, struct proxy *px
+ "<option value=\"\"></option>"
+ "<option value=\"ready\">Set state to READY</option>"
+ "<option value=\"drain\">Set state to DRAIN</option>"
+- "<option value=\"maint\">set state to MAINT</option>"
++ "<option value=\"maint\">Set state to MAINT</option>"
+ "<option value=\"dhlth\">Health: disable checks</option>"
+ "<option value=\"ehlth\">Health: enable checks</option>"
+ "<option value=\"hrunn\">Health: force UP</option>"
+--
+1.8.5.5
+
--- /dev/null
+From 76ad998e2b6ae852567ff53edb84a0b467c0c9cb Mon Sep 17 00:00:00 2001
+From: Jan Seda <hodor@hodor.cz>
+Date: Thu, 26 Jun 2014 20:44:05 +0200
+Subject: [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
+ sockets upon failure.
+
+When bind() fails (function uxst_bind_listener()), the fail path doesn't
+consider the abstract namespace and tries to unlink paths held in
+uninitiliazed memory (tempname and backname). See the strace excerpt;
+the strings still hold the path from test1.
+
+===============================================================================================
+23722 bind(5, {sa_family=AF_FILE, path=@"test2"}, 110) = -1 EADDRINUSE (Address already in use)
+23722 unlink("/tmp/test1.sock.23722.tmp") = -1 ENOENT (No such file or directory)
+23722 close(5) = 0
+23722 unlink("/tmp/test1.sock.23722.bak") = -1 ENOENT (No such file or directory)
+===============================================================================================
+
+This patch should be backported to 1.5.
+(cherry picked from commit 7319b64fc4c9b7e04726816c6cc02f6ecf66a0a4)
+---
+ src/proto_uxst.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/proto_uxst.c b/src/proto_uxst.c
+index f83d34e..c9a52ff 100644
+--- a/src/proto_uxst.c
++++ b/src/proto_uxst.c
+@@ -309,11 +309,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
+ if (ret < 0 && errno == ENOENT)
+ unlink(path);
+ err_unlink_temp:
+- if (!ext)
++ if (!ext && path[0])
+ unlink(tempname);
+ close(fd);
+ err_unlink_back:
+- if (!ext)
++ if (!ext && path[0])
+ unlink(backname);
+ err_return:
+ if (msg && errlen) {
+--
+1.8.5.5
+
--- /dev/null
+From 9fe4cb64cd9514a72bcd4b2fd8781620da9e1f76 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 2 Jul 2014 19:01:22 +0200
+Subject: [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1
+
+As suggested by Aydan Yumerefendi, a little bit of examples never hurts.
+(cherry picked from commit 2d0caa38e040b081903e50faa56bae52599b3949)
+---
+ doc/configuration.txt | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index e53bb21..fcc6454 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -10722,6 +10722,10 @@ ssl_c_sha1 : binary
+ Returns the SHA-1 fingerprint of the certificate presented by the client when
+ the incoming connection was made over an SSL/TLS transport layer. This can be
+ used to stick a client to a server, or to pass this information to a server.
++ Note that the output is binary, so if you want to pass that signature to the
++ server, you need to encode it in hex or base64, such as in the example below:
++
++ http-request set-header X-SSL-Client-SHA1 %[ssl_c_sha1,hex]
+
+ ssl_c_sig_alg : string
+ Returns the name of the algorithm used to sign the certificate presented by
+--
+1.8.5.5
+
setup_firewall() {
local port fw
- config_get port $1 port
+ config_get port $1 port
test -z "$port" && return
- config_get fwport $1 "fwport"
+ config_get fwport $1 fwport
test "$fwport" = "$port" && return
+ logger -t ocserv "opening port $port..."
#can we remove the old rule?
uci add firewall rule
uci set firewall.@rule[-1].src=wan
+ uci set firewall.@rule[-1].name="ocserv-ext-port"
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=tcpudp
uci set firewall.@rule[-1].dest_port=$port
uci commit firewall
- /etc/init.d/firewall restart
uci set ocserv.config.fwport="$port"
uci commit ocserv
-}
-clear_firewall() {
- iptables-save | grep -v ocserv-rule | iptables-restore
+ /etc/init.d/firewall restart
}
setup_config() {
stop() {
service_stop /usr/sbin/ocserv
- clear_firewall
}
reload() {
SECTION:=net
CATEGORY:=Network
DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
- TITLE:=VPN client for Cisco's AnyConnect SSL VPN
+ TITLE:=VPN client compatible with Cisco's AnyConnect SSL VPN
URL:=http://www.infradead.org/openconnect/
SUBMENU:=VPN
endef
define Package/openconnect/description
A VPN client compatible with Cisco's AnyConnect SSL VPN and ocserv.
- OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
- supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800,
- 3800, 7200 Series and Cisco 7301 Routers.
+ OpenConnect is a client that follows the Cisco's AnyConnect SSL VPN protocol,
+ which is supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800,
+ 2800, 3800, 7200 Series and Cisco 7301 Routers, as well as the OpenConnect
+ VPN server.
endef
CONFIGURE_ARGS += \
for ip in $(resolveip -t 10 "$server"); do
( proto_add_host_dependency "$config" "$ip" )
serv_addr=1
- fi
+ done
[ -n "$serv_addr" ] || {
logger -t openconnect "Could not resolve server address: '$server'"
sleep 20